Home
Systeembeheer
Consultancy
Connectivity
Training
Development

Klanten

Inloggen

Resources

Sans artikelen
Security artikelen

Software

Linux
Windows









[ terug ]
*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
December 26,2008                                         Vol. 7. Week 52
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the
most important vulnerabilities and exploits identified during the
past week and providing guidance on appropriate actions to protect
your systems (PART I). It also includes a comprehensive list of all
new vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
- ------------------------        -------------------------------------
Third Party Windows Apps			5 (#2, #3, #4)
Linux						1
BSD						1
Solaris						2
Cross Platform					16 (#1)
Web Application - Cross Site Scripting		5
Web Application - SQL Injection			23
Web Application					27
Network Device					3

*************************************************************************
TRAINING UPDATE
- - SANS 2009 in Orlando in early march Ð the largest security training 
conference and expo in the world. lots of evening sessions: 
http://www.sans.org/
- - SANS Security West Las Vegas (1/24-2/01) 
http://sans.org/securitywest09/
- - Looking for training in your own Community?  http://sans.org/community/
For a list of all upcoming events, on-line and live: www.sans.org
*************************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint 
(www.tippingpoint.com)
Widely Deployed Software
(1) HIGH: Fujitsu-Siemens WebTransactions Arbitrary Command Execution
(2) HIGH: Trend Micro House Call ActiveX Control Remote Code Execution
(3) MODERATE: FreeSSHd Multiple Buffer Overflows
(4) LOW: Google Chrome Command Injection Vulnerability

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from 
Qualys (www.qualys.com)
- -- Third Party Windows Apps
08.52.1  - Phoenician Casino "FlashAX" ActiveX Control Remote Buffer 
Overflow
08.52.2  - CoolPlayer Skin File Buffer Overflow
08.52.3  - Trend Micro HouseCall ActiveX Control Remote Code Execution
08.52.4  - Trend Micro HouseCall ActiveX Control Library File Remote Code 
Execution
08.52.5  - freeSSHd SFTP Commands Multiple Remote Buffer Overflow 
Vulnerabilities
- -- Linux
08.52.6  - Ubuntu "libvirt" Local Security Bypass
- -- BSD
08.52.7  - FreeBSD netgraph and bluetooth Local Privilege Escalation 
Vulnerabilities
- -- Solaris
08.52.8  - Sun Solaris IP Tunnel Param Local Code Execution
08.52.9  - Sun Solaris Name Service Cache Daemon (nscd(1M)) Local 
Privilege Escalation
- -- Cross Platform
08.52.10 - PDFjam Multiple Insecure Temporary File Creation 
Vulnerabilities
08.52.11 - GpsDrive Multiple Insecure Temporary File Creation 
Vulnerabilities
08.52.12 - Opera Web Browser HTML Parsing Heap-Based Remote Code 
Execution
08.52.13 - Sun Java Web Start and Java Plug-in JAR File Privilege 
Escalation
08.52.14 - Adobe Flash Player Unspecified Remote Security
08.52.15 - PHP Python Extension "safe_mode" Restriction Bypass
08.52.16 - Irrlicht B3D loader Buffer Overflow
08.52.17 - GNU Classpath "gnu.java.security.util.PRNG" Class Entropy 
Weakness
08.52.18 - ESET Smart Security "epfw.sys" Local Privilege Escalation
08.52.19 - KnowledgeTree Multiple Unspecified Vulnerabilities
08.52.20 - Netatalk Printing Request Arbitrary Command Injection
08.52.21 - webcamXP URL Directory Traversal
08.52.22 - PHP "mbstring" Extension Buffer Overflow
08.52.23 - University Of Washington IMAP c-client Buffer Overflow
08.52.24 - Qemu and KVM VNC Server Remote Denial of Service
08.52.25 - YourPlace 1.0.2 Multiple Remote Vulnerabilities
- -- Web Application - Cross Site Scripting
08.52.26 - phpcksec "phpcksec.php" Cross-Site Scripting
08.52.27 - Novell Identity Manager Multiple Cross-Site Scripting 
Vulnerabilities
08.52.28 - myPHPscripts Login Session "login.php" Cross-Site Scripting
08.52.29 - TYPO3 DR Wiki Extension Unspecified Cross-Site Scripting
08.52.30 - TYPO3 Vox populi Unspecified Cross-Site Scripting
- -- Web Application - SQL Injection
08.52.31 - MyPBS "seasonID" Parameter SQL Injection
08.52.32 - TYPO3 Commerce Extension Unspecified SQL Injection
08.52.33 - Drupal Views Content Construction Kit SQL Injection
08.52.34 - Tech Articles Joomla! Component
08.52.35 - Lizardware CMS
08.52.36 - TinyMCE "menuID" Parameter SQL Injection
08.52.37 - r.cms Multiple SQL Injection Vulnerabilities
08.52.38 - DO-CMS "p" Parameter Multiple SQL Injection Vulnerabilities
08.52.39 - EasySiteNetwork Jokes Complete Website "joke.php" SQL 
Injection
08.52.40 - I-RATER Basic "messages.php" SQL Injection
08.52.41 - 2532|Gigs "index.php" SQL Injection
08.52.42 - Courier-Authlib Non-Latin Character Handling Postgres SQL 
Injection
08.52.43 - Joomla HBS "com_hbssearch" Joomla! Component "r_type" 
Parameter SQL Injection
08.52.44 - Joomla HBS "com_tophotelmodule" Joomla! Component 'id' 
Parameter SQL Injection
08.52.45 - Constructr CMS "show_page" Parameter SQL Injection
08.52.46 - Userlocator "y" Parameter SQL Injection
08.52.47 - RSS Simple News "news.php" SQL Injection
08.52.48 - Pligg "check_url.php" SQL Injection
08.52.49 - Joomla Apps Volunteer Management Component "job_id" Parameter 
SQL Injection
08.52.50 - SolarCMS "cat" Parameter SQL Injection
08.52.51 - MySQL Calendar "username" Parameter SQL Injection
08.52.52 - TYPO3 TU-Clausthal Staff Extension Unspecified SQL Injection
08.52.53 - TYPO3 WEBERkommunal Facilities Extension Unspecified SQL 
Injection
- -- Web Application
08.52.54 - ClaSS "scripts/export.php" Information Disclosure
08.52.55 - Online Keyword Research Tool "download.php" Local File Include
08.52.56 - PECL Alternative PHP Cache Local HTML Injection
08.52.57 - Extract Website "download.php" Local File Include
08.52.58 - K&S Shopsystem "images.php" Arbitrary File Upload
08.52.59 - Drupal Services Module Insecure Signing Multiple Security 
Vulnerabilities
08.52.60 - ADbNewsSender SQL Injection and Cross-Site Scripting 
Vulnerabilities
08.52.61 - 2532designs 2532|Gigs Local File Include and Arbitrary File 
Upload Vulnerabilities
08.52.62 - MySQL Calendar Cookie Authentication Bypass
08.52.63 - Phpclanwebsite Multiple Input Validation Vulnerabilities
08.52.64 - 2532|Gigs "calcss_edit.php" Remote Command Execution
08.52.65 - Gobbl CMS Cookie Authentication Bypass
08.52.66 - MyPHPsite "index.php" Local File Include
08.52.67 - Fujitsu-Siemens WebTransactions Unspecified Remote Command 
Execution
08.52.68 - PECL Alternative PHP Cache Local Denial of Service
08.52.69 - FreeLyrics "source.php" Information Disclosure
08.52.70 - BLOG "image_upload.php" Arbitrary File Upload
08.52.71 - ReVou Arbitrary File Upload
08.52.72 - Constructr CMS Directory Traversal
08.52.73 - OneOrZero Arbitrary File Upload
08.52.74 - phpg Multiple Input Validation Vulnerabilities
08.52.75 - phpCollab Multiple Input Validation Vulnerabilities
08.52.76 - Page Flip Image Gallery "getConfig.php" Information Disclosure
08.52.77 - Git gitweb "diff.external" Local Privilege Escalation
08.52.78 - Text Lines Rearrange Script "download.php" Information 
Disclosure
08.52.79 - Merak Mail Server and Webmail Email Message HTML Injection
08.52.80 - TYPO3 WEC Discussion Extension SQL Injection and Cross Site 
Scripting Vulnerabilities
- -- Network Device
08.52.81 - Linksys Wireless-G ADSL Gateway WAG54GS V2.0 Remote Buffer 
Overflow
08.52.82 - PowerStrip "pstrip.sys" Local Privilege Escalation
08.52.83 - COMTREND CT-536 and HG-536 Routers Multiple Remote 
Vulnerabilities

______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint,
a division of 3Com, as a by-product of that company's continuous
effort to ensure that its intrusion prevention products effectively
block exploits using known vulnerabilities. TippingPoint's
analysis is complemented by input from a council of security
managers from twelve large organizations who confidentially share
with SANS the specific actions they have taken to protect their
systems. A detailed description of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) HIGH: Fujitsu-Siemens WebTransactions Arbitrary Command Execution
Affected:
Fujitsu-Siemens WebTransactions versions 7.1 and prior

Description: Fujitsu-Siemens WebTransactions, part of the
Fujitsu-Siemens openSEAS suite,  is a popular enterprise middleware
application that provides access to legacy or otherwise not web-enabled
software via the web. It fails to properly sanitize user input
in certain situations, leading to an arbitrary command execution
vulnerability. Successfully exploiting this vulnerability would allow
an attacker to execute arbitrary commands with the privileges of the
vulnerable process.  Technical details are publicly available for
this vulnerability.

Status: Vendor confirmed, updates available.

References:
Vendor Security Advisory
http://bs2www.fujitsu-siemens.de/update/securitypatch.htm#english
SEC Consult Security Advisory
http://www.sec-consult.com/files/20081219-0_fujitsu-
siemens_webta_cmdexec.txt
Product Home Page
http://www.fujitsu-siemens.de/products/software/openseas/index.html
SecurityFocus BID
http://www.securityfocus.com/bid/32927

***********************************************************

(2) HIGH: Trend Micro House Call ActiveX Control Remote Code Execution
Affected:
Trend Micro House Call ActiveX Control versions prior to 6.6.1285

Description: Trend Micro House Call is a popular online-based malware
scanning service. Part of its functionality is provided by an ActiveX
control. This control contains a memory corruption vulnerability. A
specially crafted web page that instantiates this control could trigger
this vulnerability, allowing an attacker to execute arbitrary code
with the privileges of the current user. Some technical details are
publicly available for this vulnerability.

Status: Vendor confirmed, updates available. Users can mitigate the 
impact of this vulnerability by disabling the affected control via 
Microsoft's "kill bit" mechanism. Note that this could impact normal 
application functionality.

References:
Secunia Research Advisory
http://secunia.com/secunia_research/2008-34/
Vendor Hot Fix
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-
1038646&id=EN-1038646
Product Home Page
http://housecall.trendmicro.com/
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/32950

***********************************************************

(3) MODERATE: FreeSSHd Multiple Buffer Overflows
Affected:
FreeSSHd versions 1.2.1 and prior

Description: FreeSSHd is a free Secure Shell (SSH) server for Microsoft 
Windows. It also provides Secure File Transfer Protocol (SFTP) services. 
The SFTP server contains multiple buffer overflows in its handling of 
user commands. A logged-in user could trigger one of these 
vulnerabilities by sending an overlong command to the server. 
Successfully exploiting this code would allow an attacker to execute
arbitrary code with the privileges of the vulnerable process. A
proof-of- concept is publicly available for these vulnerabilities. Note
that attackers must have valid authentication credentials to exploit
this vulnerability.

Status: Vendor has not confirmed, no updates available.

References:
BMGSEC Advisory
http://www.bmgsec.com.au/advisories/freeSSHd-bof.txt
Vendor Home Page
http://www.freesshd.com
Wikipedia Article on the Secure Shell Protocol
http://en.wikipedia.org/wiki/Secure_Shell
SecurityFocus BID
Not yet available.

***********************************************************

(4) LOW: Google Chrome Command Injection Vulnerability
Affected:
Google Chrome versions 1.0.154.36 and prior

Description: Chrome is a popular web browser from Google. It is
reported to be vulnerable to a command injection vulnerability due
to insufficient sanitization of "chomeHTML" URLs. However, other
reports have indicated that this vulnerability may not be exploitable
by remote users.  Additionally, some reports have indicated that
Microsoft Internet Explorer 8 Beta may be vulnerable when Google
Chrome is installed.  Proofs-of-concept are publicly available for
this vulnerability, but no confirmation of exploitability.

Status: Vendor has not confirmed, no updates available.

References:
Retrogod Security Advisory (includes proof-of-concept)
http://retrogod.altervista.org/9sg_chrome.html
Post Indicating Non-Exploitability
http://www.securityfocus.com/archive/1/499581
Product Home Page
http://www.google.com/chrome
SecurityFocus BIDs
http://www.securityfocus.com/bid/32997
http://www.securityfocus.com/bid/32999


*******************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 52, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As
of this week Qualys scans for 5549 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.

______________________________________________________________________

08.52.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: Phoenician Casino "FlashAX" ActiveX Control Remote Buffer
Overflow
Description: The Phoenician Casino "FlashAX" ActiveX control provides
gambling functionality for their online casino. The control is exposed
to a stack-based buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied input.
Ref: http://www.securityfocus.com/bid/32901
______________________________________________________________________

08.52.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: CoolPlayer Skin File Buffer Overflow
Description: CoolPlayer is a media player for the Windows operating
system. CoolPlayer is exposed to a buffer overflow issue because it
fails to perform adequate boundary checks on user-supplied data.
CoolPlayer version 219 is affected.
Ref: http://www.securityfocus.com/archive/1/499480
______________________________________________________________________

08.52.3 CVE: CVE-2008-2435
Platform: Third Party Windows Apps
Title: Trend Micro HouseCall ActiveX Control Remote Code Execution
Description: The Trend Micro HouseCall ActiveX control is used to scan
for and address malicious code infections. The control is exposed to
a remote code execution issue that affects "Housecall_ActiveX.dll".
This issue arises because the application allows attackers to
dereference previously freed memory though a call to the
"notifyOnLoadNative()" function. HouseCall versions 6.51.0.1028 and
6.6.0.1278 are affected.
Ref: http://secunia.com/secunia_research/2008-34/
______________________________________________________________________

08.52.4 CVE: CVE-2008-2434
Platform: Third Party Windows Apps
Title: Trend Micro HouseCall ActiveX Control Library File Remote Code
Execution
Description: The Trend Micro HouseCall ActiveX control is used to scan
for and address malicious code infections. The control is exposed to
a remote code execution issue that affects "Housecall_ActiveX.dll".
This issue arises because the application allows attackers to download
and load arbitrary library files by specifying a custom update server.
HouseCall versions 6.51.0.1028 and 6.6.0.1278 are affected.
Ref: http://secunia.com/secunia_research/2008-32/
______________________________________________________________________

08.52.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: freeSSHd SFTP Commands Multiple Remote Buffer Overflow
Vulnerabilities
Description: freeSSHd is an SSH server for Microsoft Windows. The
application is exposed to multiple remote buffer overflow issues
because it fails to perform adequate boundary checks on user-supplied
data. freeSSHd version 1.2.1 is affected.
Ref: http://www.securityfocus.com/archive/1/499486
______________________________________________________________________

08.52.6 CVE: CVE-2008-5086
Platform: Linux
Title: Ubuntu "libvirt" Local Security Bypass
Description: "libvirt" is a toolkit to interact with the
virtualization capabilities of recent versions of Linux. The library
is exposed to a local security bypass issue. Specifically, the issue
is caused by a failure to correctly mark certain operations as
read-only.
Ref: https://www.redhat.com/archives/libvir-list/2008-December/msg0052
2.html
______________________________________________________________________

08.52.7 CVE: Not Available
Platform: BSD
Title: FreeBSD netgraph and bluetooth Local Privilege Escalation
Vulnerabilities
Description: FeeBSD is prone to multiple local privilege escalation
vulnerabilities. The issues occur because certain function pointers
for the netgraph and bluetooth sockets are not properly initialized.
Local attackers can exploit these issues in the context of the kernel.
All versions of FreeBSD are affected.
Ref: http://www.securityfocus.com/bid/32976
______________________________________________________________________

08.52.8 CVE: Not Available
Platform: Solaris
Title: Sun Solaris IP Tunnel Param Local Code Execution
Description: Sun Solaris is exposed to a local code execution issue
because of an error in processing a Solaris IP Tunnel parameter.
Attackers can exploit this issue to execute arbitrary code within the
context of the kernel on x86 systems.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242266-1

______________________________________________________________________

08.52.9 CVE: Not Available
Platform: Solaris
Title: Sun Solaris Name Service Cache Daemon (nscd(1M)) Local
Privilege Escalation
Description: Sun Solaris is a UNIX-based operating system. Sun Solaris
Name Service Cache Daemon (nscd(1M)) is exposed to a local privilege
escalation issue. Local unprivileged attackers can exploit this issue
to gain access to sensitive information and obtain elevated privileges.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242006-1

______________________________________________________________________

08.52.10 CVE: Not Available
Platform: Cross Platform
Title: PDFjam Multiple Insecure Temporary File Creation
Vulnerabilities
Description: PDFjam is a collection of scripts which provide an
interface to the "pdfpages" package for pdfLaTeX. An attacker with
local access could potentially exploit these issues to perform
symbolic-link attacks, overwriting temporary files in the context of
the affected application. PDFjam version 1.20 is affected.
Ref: https://bugzilla.novell.com/show_bug.cgi?id=459031
______________________________________________________________________

08.52.11 CVE: Not Available
Platform: Cross Platform
Title: GpsDrive Multiple Insecure Temporary File Creation
Vulnerabilities
Description: GpsDrive is a car navigation application. GpsDrive creates
temporary files in an insecure manner. These issues affect the
"gpsdrive/examples/gpssmswatch" script and the "src/splash.c" and
"src/unit_test.c" source files. GpsDrive version 2.10~pre4-6.dfsg-1 is
affected.
Ref: http://www.securityfocus.com/bid/32887
______________________________________________________________________

08.52.12 CVE: CVE-2008-5679
Platform: Cross Platform
Title: Opera Web Browser HTML Parsing Heap-Based Remote Code Execution
Description: Opera Web Browser is a browser that runs on multiple
operating systems. Opera Web Browser is exposed to a heap based memory
corruption issue because of a flaw in parsing certain HTML constructs.
The flaw may cause the resulting DOM to change and trigger a crash.
Please note that additional techniques may be used to inject malicious
code. Opera versions prior to 9.63 are affected.
Ref: http://www.opera.com/support/kb/view/921/
______________________________________________________________________

08.52.13 CVE: CVE-2008-5343
Platform: Cross Platform
Title: Sun Java Web Start and Java Plug-in JAR File Privilege
Escalation
Description: Sun Java Web Start is a utility included in the Java
Runtime Environment (JRE). It enables Java applications to launch
either from a desktop or from a web page. Sun Java Web Start and Java
Plug-in is exposed to a privilege escalation issue. This issue results
from the affected applications parsing a JAR file that is also a
legitimate GIF image file.
Ref: http://rhn.redhat.com/errata/RHSA-2008-1025.html
______________________________________________________________________

08.52.14 CVE: CVE-2008-5499
Platform: Cross Platform
Title: Adobe Flash Player Unspecified Remote Security
Description: Adobe Flash Player is a multimedia application for
Microsoft Windows, Mozilla, and Apple technologies. Flash Player is
exposed to an unspecified security issue. Remote attackers may exploit
this issue by enticing an unsuspecting user into loading a specially
crafted SWF file. Flash Player versions prior to 10.0.15.3 and
9.0.152.0 are vulnerable.
Ref: http://www.adobe.com/support/security/bulletins/apsb08-24.html
______________________________________________________________________

08.52.15 CVE: Not Available
Platform: Cross Platform
Title: PHP Python Extension "safe_mode" Restriction Bypass
Description: PHP is a general-purpose scripting language that is
especially suited for web development and can be embedded into HTML.
PHP is exposed to a "safe_mode" restriction bypass issue when the
python extension in enabled. PHP version 5.2.5 is affected.
Ref: http://www.securityfocus.com/bid/32902
______________________________________________________________________

08.52.16 CVE: Not Available
Platform: Cross Platform
Title: Irrlicht B3D loader Buffer Overflow
Description: Irrlicht is a real-time 3D engine available for multiple
platforms. Irrlicht is exposed to a buffer overflow issue because it
fails to perform adequate checks on user-supplied input. This issue
occurs in the B3D loader. Irrlicht versions prior to 1.5 are affected.
Ref: http://irrlicht.sourceforge.net/changes.txt
______________________________________________________________________

08.52.17 CVE: CVE-2008-5659
Platform: Cross Platform
Title: GNU Classpath "gnu.java.security.util.PRNG" Class Entropy
Weakness
Description: GNU Classpath is an open-source project that creates
essential core class libraries for use with virtual machines and
compilers for the java programming language. Classpath is exposed to a
weakness that may result in weaker cryptographic security. This issue
occurs in the "PRNG.getInstance()" method of the
"gnu.java.security.util.PRNG" class. Classpath version 0.97.2 is
affected.
Ref: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417
______________________________________________________________________

08.52.18 CVE: Not Available
Platform: Cross Platform
Title: ESET Smart Security "epfw.sys" Local Privilege Escalation
Description: ESET Smart Security is security software with antivirus,
antispam, and firewall protection. ESET Smart Security is exposed to a
local privilege escalation issue in the "epfw.sys" driver. The problem
occurs in the IOCTL handling code. ESET Smart Security versions
3.0.672 and earlier are affected.
Ref: http://www.ntinternals.org/ntiadv0807/ntiadv0807.html
______________________________________________________________________

08.52.19 CVE: Not Available
Platform: Cross Platform
Title: KnowledgeTree Multiple Unspecified Vulnerabilities
Description: KnowledgeTree is an open source document manager. The
application is exposed to multiple issues. An attacker can exploit
these issues to bypass security restrictions, to view sensitive
information, and to steal cookie-based authentication credentials.
Ref: http://sourceforge.net/projects/kt-dms/
______________________________________________________________________

08.52.20 CVE: Not Available
Platform: Cross Platform
Title: Netatalk Printing Request Arbitrary Command Injection
Description: Netatalk is an implementation of AppleTalk Protocol
Suite. The application is exposed to an arbitrary command injection
issue because it fails to sufficiently sanitize certain parameters to
the "popen()" call. Netatalk versions prior to 2.0.4-beta2 are
affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=648189
______________________________________________________________________

08.52.21 CVE: Not Available
Platform: Cross Platform
Title: webcamXP URL Directory Traversal
Description: webcamXP is a web camera control application. The
application is exposed to a directory traversal issue because it fails
to sufficiently sanitize user-supplied input. Specifically the
application fails to sanitize directory traversal strings contained in
the URL. webcamXP version 5.3.2.375 is affected.
Ref: http://www.securityfocus.com/bid/32928
______________________________________________________________________

08.52.22 CVE: CVE-2008-5557
Platform: Cross Platform
Title: PHP "mbstring" Extension Buffer Overflow
Description: PHP is a general purpose scripting language that is
especially suited for web development and can be embedded into HTML.
The "mbstring" extension provides functions for the manipulation of
Unicode strings. PHP is exposed to a heap-based buffer overflow issue
because it fails to perform boundary checks before copying
user-supplied data to insufficiently sized memory buffers. PHP
versions 4.3.0 up to and including 5.2.6 are affected.
Ref: http://bugs.php.net/bug.php?id=45722
______________________________________________________________________

08.52.23 CVE: CVE-2008-5514
Platform: Cross Platform
Title: University Of Washington IMAP c-client Buffer Overflow
Description: The University of Washington IMAP library is a library
implementing the IMAP mail protocol. University of Washington IMAP is
exposed to a buffer overflow issue that occurs due to a boundary error
within the "rfc822_output_char()" function in the "c-client" library.
The University of Washington IMAP library versions prior to 2007e are
affected.
Ref: http://www.washington.edu/imap/documentation/RELNOTES.html
______________________________________________________________________

08.52.24 CVE: Not Available
Platform: Cross Platform
Title: Qemu and KVM VNC Server Remote Denial of Service
Description: Qemu and KVM are exposed to a remote denial of service
issue that affects the VNC server. Specifically, a specially crafted
packet may send the vulnerable server process into an infinite loop,
resulting in a denial of service condition. This issue is the result
of an error in the "protocol_client_msg()" function in the source code
file "vnc.c".
Ref: http://www.coresecurity.com/content/vnc-remote-dos
______________________________________________________________________

08.52.25 CVE: Not Available
Platform: Cross Platform
Title: YourPlace 1.0.2 Multiple Remote Vulnerabilities
Description: YourPlace is a PHP-based filesystem. The application is
exposed to multiple issues. Attackers can exploit these issues to
upload and execute arbitrary PHP code within the context of the
webserver, execute arbitrary commands and gain unauthorized access to
the affected application. YourPlace version 1.0.2 is affected.
Ref: http://www.securityfocus.com/bid/32971
______________________________________________________________________

08.52.26 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: phpcksec "phpcksec.php" Cross-Site Scripting
Description: phpcksec is PHP-based script that tests the security of a
webserver. The application is exposed to a cross-site scripting issue
because the application fails to sufficiently sanitize user-supplied
input to the "path" parameter of the "phpcksec.php" script. phpcksec
version 0.2.0 is affected.
Ref: http://www.securityfocus.com/bid/32890
______________________________________________________________________

08.52.27 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Novell Identity Manager Multiple Cross-Site Scripting
Vulnerabilities
Description: Novell Identity Manager is an application used for
automating identity management tasks. The application is exposed to
multiple cross-site scripting issues because it fails to sufficiently
sanitize user-supplied input to unspecified parameters related to
"Page Navigation" and "UIQuery".
Ref: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/
readme_5040042.html
______________________________________________________________________

08.52.28 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: myPHPscripts Login Session "login.php" Cross-Site Scripting
Description: myPHPscripts Login Session is a login script. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data to the "user"
parameter of the "login.php" script. myPHPscripts Login Session
version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/32941
______________________________________________________________________

08.52.29 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TYPO3 DR Wiki Extension Unspecified Cross-Site Scripting
Description: DR Wiki is an extension for TYPO3. The application is
exposed to an unspecified cross-site scripting issue because it fails
to properly sanitize user-supplied input. DR Wiki versions prior to
1.7.2 are affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081222
- -3/
______________________________________________________________________

08.52.30 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TYPO3 Vox populi Unspecified Cross-Site Scripting
Description: Vox populi is an extension for TYPO3. The application is
exposed to an unspecified cross-site scripting issue because it fails
to properly sanitize user-supplied input. Vox populi versions prior to
0.3.1 are affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081222
- -4/
______________________________________________________________________

08.52.31 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyPBS "seasonID" Parameter SQL Injection
Description: MyPBS (My PHP Baseball Stats) is a web application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "seasonID" parameter
of the "index.php" script before using it in an SQL query. MyPBS
version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32930
______________________________________________________________________

08.52.32 CVE: CVE-2008-5609
Platform: Web Application - SQL Injection
Title: TYPO3 Commerce Extension Unspecified SQL Injection
Description: Commerce is an extension for the TYPO3 content manager.
The extension is not part of the TYPO3 default installation. The
extension is exposed to an SQL injection issue because it fails to
sufficiently sanitize input before using it in an SQL query. Commerce
versions prior to 0.9.7 are affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081020-2/
______________________________________________________________________

08.52.33 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Drupal Views Content Construction Kit SQL Injection
Description: Views is a module for Drupal that allows users to control
how lists of content are presented on a website. The module is exposed
to an SQL injection issue because it fails to sufficiently sanitize
user-supplied input. Drupal Views versions prior to 6.x-2.2 are
vulnerable.
Ref: http://drupal.org/node/348321
______________________________________________________________________

08.52.34 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Tech Articles Joomla! Component
Description: Tech Articles is a PHP-based component for the Joomla!
content manager. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"item" parameter. Tech Articles version 1.0 is affected.
Ref:
http://www.joomlaperformance.com/component/option,com_docman/task,cat_view/gid,
30/Itemid,39/
______________________________________________________________________

08.52.35 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Lizardware CMS
Description: Lizardware CMS is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "user" form field in
the "/administrator/index.php" script before using it in an SQL query.
Lizardware CMS versions 0.6.0 and earlier are affected.
Ref: http://www.securityfocus.com/bid/32898
______________________________________________________________________

08.52.36 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TinyMCE "menuID" Parameter SQL Injection
Description: TinyMCE is a web-based WYSIWYG editor. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "menuID" parameter of the
"index.php" script before using it in an SQL query. TinyMCE version 2.0.1 
is affected.
Ref: http://www.securityfocus.com/bid/32899
______________________________________________________________________

08.52.37 CVE: Not Available
Platform: Web Application - SQL Injection
Title: r.cms Multiple SQL Injection Vulnerabilities
Description: r.cms is a web-based application. The application is
exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of
"index.php", "referenzdetail.php" and "produkte.php" scripts. r.cms
version 2 is affected.
Ref: http://www.securityfocus.com/bid/32900
______________________________________________________________________

08.52.38 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DO-CMS "p" Parameter Multiple SQL Injection Vulnerabilities
Description: DO-CMS is a PHP-based content management system. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to "p" parameter of
the "index.php" and "page.php" scripts. DO-CMS version 3.0 is
affected.
Ref: http://www.securityfocus.com/bid/32906
______________________________________________________________________

08.52.39 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EasySiteNetwork Jokes Complete Website "joke.php" SQL Injection
Description: EasySiteNetwork Jokes Complete Website is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize input to the "id" parameter
of the "joke.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/499351
______________________________________________________________________

08.52.40 CVE: Not Available
Platform: Web Application - SQL Injection
Title: I-RATER Basic "messages.php" SQL Injection
Description: I-RATER Basic is a fee-based web site application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "idp" parameter of the
"messages.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32912
______________________________________________________________________

08.52.41 CVE: Not Available
Platform: Web Application - SQL Injection
Title: 2532|Gigs "index.php" SQL Injection
Description: 2532|Gigs is a PHP-based application that allows users to
manage events and concerts. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "password" parameter of the "login.php" script.
2532|Gigs version 1.2.2 is affected.
Ref: http://www.securityfocus.com/bid/32913
______________________________________________________________________

08.52.42 CVE: CVE-2008-2380
Platform: Web Application - SQL Injection
Title: Courier-Authlib Non-Latin Character Handling Postgres SQL
Injection
Description: Courier-Authlib is an authentication library for Courier
applications. The library is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data before being used
in an SQL query. This issue occurs when processing non-Latin
characters. Courier-Authlib versions prior to 0.62.0 are vulnerable.
Ref: http://www.courier-mta.org/authlib/changelog.html
______________________________________________________________________

08.52.43 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla HBS "com_hbssearch" Joomla! Component "r_type" Parameter
SQL Injection
Description: Joomla HBS (Joomla Hotel Booking System) "com_hbssearch"
is a PHP-based component for the Joomla! content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "r_type" parameter.
Joomla HBS "com_hbssearch" version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32951
______________________________________________________________________

08.52.44 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla HBS "com_tophotelmodule" Joomla! Component "id"
Parameter SQL Injection
Description: Joomla HBS (Joomla Hotel Booking System)
"com_tophotelmodule" is a PHP-based component for the Joomla! content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "id"
parameter. Joomla HBS "com_tophotelmodule" version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32952
______________________________________________________________________

08.52.45 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Constructr CMS "show_page" Parameter SQL Injection
Description: Constructr CMS is a web-based content management system.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "show_page"
parameter. Constructr CMS versions 3.02.5 and earlier are affected.
Ref: http://www.securityfocus.com/bid/32956
______________________________________________________________________

08.52.46 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Userlocator "y" Parameter SQL Injection
Description: Userlocator is a web-based application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "y" parameter of the "locator.php"
script. Userlocator version 3.0 is affected.
Ref: http://www.milw0rm.com/exploits/7530
______________________________________________________________________

08.52.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: RSS Simple News "news.php" SQL Injection
Description: RSS Simple News is a PHP-based news script application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "pid" parameter of
the "news.php" script.
Ref: http://www.securityfocus.com/bid/32962
______________________________________________________________________

08.52.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pligg "check_url.php" SQL Injection
Description: Pligg is a PHP-based content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "url" parameter of the
"evb/check_url.php" script. Pligg version 9.9.5b is affected.
Ref: http://www.securityfocus.com/bid/32970
______________________________________________________________________

08.52.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla Apps Volunteer Management Component "job_id" Parameter
SQL Injection
Description: Joomla Apps Volunteer Management is a PHP-based component
for the Joomla! content manager. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "job_id" parameter to the "com_volunteer"
component. Volunteer Management version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/32973
______________________________________________________________________

08.52.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SolarCMS "cat" Parameter SQL Injection
Description: SolarCMS is a PHP-based content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cat" parameter of the
"index.php" script when called with the "com" parameter set to
"Forum". SolarCMS version 0.53.3.8 is affected.
Ref: http://www.securityfocus.com/bid/32974
______________________________________________________________________

08.52.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MySQL Calendar "username" Parameter SQL Injection
Description: MySQL Calendar is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data before using it in an SQL
query. This issue affects the "username" parameter of the "index.php"
script. MySQL Calendar versions 1.2 and earlier are affected.
Ref: http://www.securityfocus.com/bid/32978
______________________________________________________________________

08.52.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 TU-Clausthal Staff Extension Unspecified SQL Injection
Description: TYPO3 TU-Clausthal Staff ("tuc_staff") is an extension
for the TYPO3 content manager. The extension is exposed to an SQL
injection issue because it fails to sufficiently sanitize input before
using it in an SQL-query. TU-Clausthal Staff version 0.3.0 is
affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/
______________________________________________________________________

08.52.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 WEBERkommunal Facilities Extension Unspecified SQL
Injection
Description: WEBERkommunal Facilities ("wes_facilities") is an
extension for the TYPO3 content manager. The extension is exposed to
an SQL injection issue because it fails to sufficiently sanitize input
before using it in an SQL-query. WEBERkommunal Facilities version
2.0.0 is affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/
______________________________________________________________________

08.52.54 CVE: Not Available
Platform: Web Application
Title: ClaSS "scripts/export.php" Information Disclosure
Description: ClaSS is a student tracking and reporting application.
The application is exposed to an information disclosure issue because
it fails to sufficiently sanitize user-supplied input to the "ftype"
parameter in "scripts/export.php". ClaSS versions prior to 0.8.61 are
affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=648307
______________________________________________________________________

08.52.55 CVE: Not Available
Platform: Web Application
Title: Online Keyword Research Tool "download.php" Local File Include
Description: Online Keyword Research Tool is a PHP-based keyword
search tool. The application is exposed to a local file include issue
because it fails to properly sanitize user-supplied input to the
"filename" parameter of the "download.php" script.
Ref: http://www.securityfocus.com/bid/32932
______________________________________________________________________

08.52.56 CVE: Not Available
Platform: Web Application
Title: PECL Alternative PHP Cache Local HTML Injection
Description: PECL Alternative PHP Cache is a PHP-based content
manager. The application is exposed to an HTML injection issue because
it fails to properly sanitize user-supplied input before using it in
dynamically generated content.
Ref: http://www.securityfocus.com/archive/1/499424
______________________________________________________________________

08.52.57 CVE: Not Available
Platform: Web Application
Title: Extract Website "download.php" Local File Include
Description: Extract Website is a web-based application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "filename" parameter
of the "download.php" script.
Ref: http://www.securityfocus.com/bid/32936
______________________________________________________________________

08.52.58 CVE: Not Available
Platform: Web Application
Title: K&S Shopsystem "images.php" Arbitrary File Upload
Description: K&S Shopsystem is a web application. The application is
exposed to an issue that lets attackers upload arbitrary files. The
issue occurs because the application fails to adequately sanitize
user-supplied input.
Ref: http://www.securityfocus.com/bid/32888
______________________________________________________________________

08.52.59 CVE: Not Available
Platform: Web Application
Title: Drupal Services Module Insecure Signing Multiple Security
Vulnerabilities
Description: The Service module for the Drupal content manager
provides an API for exposing Drupal functions, allowing clients to
call server methods to obtain data for local processing. Services
versions prior to 5.x-0.92 and 6.x-013 are affected.
Ref: http://drupal.org/node/348295
______________________________________________________________________

08.52.60 CVE: Not Available
Platform: Web Application
Title: ADbNewsSender SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: ADbNewsSender is a web-based application used to send
newsletters. The application is exposed to multiple input validation
issues. Exploiting these issues could allow an attacker to steal
cookie-based authentication credentials, compromise the application,
access or modify data, or exploit latent vulnerabilities in the
underlying database. ADbNewsSender versions prior to 1.5.2 are
affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=647876
______________________________________________________________________

08.52.61 CVE: Not Available
Platform: Web Application
Title: 2532designs 2532|Gigs Local File Include and Arbitrary File
Upload Vulnerabilities
Description: 2532|Gigs is a PHP-based application that allows users to
manage events and concerts. The application is exposed to multiple
input validation issues. 2532|Gigs version 1.2.2 is affected.
Ref: http://www.securityfocus.com/bid/32911
______________________________________________________________________

08.52.62 CVE: Not Available
Platform: Web Application
Title: MySQL Calendar Cookie Authentication Bypass
Description: MySQL Calendar is web-based calendar application. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. MySQL Calendar version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/32914
______________________________________________________________________

08.52.63 CVE: Not Available
Platform: Web Application
Title: Phpclanwebsite Multiple Input Validation Vulnerabilities
Description: Phpclanwebsite is a PHP-based content management system.
Phpclanwebsite is exposed to multiple issues. Phpclanwebsite versions
1.23.3 Fix Pack #5 is affected.
Ref: http://www.securityfocus.com/bid/32915
______________________________________________________________________

08.52.64 CVE: Not Available
Platform: Web Application
Title: 2532|Gigs "calcss_edit.php" Remote Command Execution
Description: 2532|Gigs is a PHP-based application that allows users to
manage events and concerts. 2532|Gigs is exposed to an issue that
attackers can leverage to execute arbitrary commands. This issue
occurs because the application fails to adequately sanitize
user-supplied input to the "content" parameter of the
"calcss_edit.php" script. 2532|Gigs version 1.2.2 is affected.
Ref: http://www.securityfocus.com/bid/32916
______________________________________________________________________

08.52.65 CVE: Not Available
Platform: Web Application
Title: Gobbl CMS Cookie Authentication Bypass
Description: Gobbl CMS is web-based content manager. The application
is exposed to an authentication bypass issue because it fails to
adequately verify user-supplied input used for cookie-based
authentication. Gobbl CMS version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32918
______________________________________________________________________

08.52.66 CVE: Not Available
Platform: Web Application
Title: MyPHPsite "index.php" Local File Include
Description: MyPHPsite is a web application implemented in PHP. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "mod" parameter of the
"index.php" script.
Ref: http://www.securityfocus.com/bid/32919
______________________________________________________________________

08.52.67 CVE: Not Available
Platform: Web Application
Title: Fujitsu-Siemens WebTransactions Unspecified Remote Command
Execution
Description: Fujitsu-Siemens WebTransactions is a web-based
application available for a number of platforms. Fujitsu-Siemens
WebTransactions is exposed to an issue that attackers can leverage to
execute arbitrary commands. This issue occurs because the
"WBPublish.exe" process fails to adequately sanitize user-supplied
input passed to a "system()" function call when cleaning up temporary
files. WebTransactions versions 6.0, 7.0 and 7.1 are affected.
Ref: http://www.securityfocus.com/archive/1/499417
______________________________________________________________________

08.52.68 CVE: Not Available
Platform: Web Application
Title: PECL Alternative PHP Cache Local Denial of Service
Description: PECL Alternative PHP Cache (APC) Extension is an
intermediate code cache for PHP. 
The application is exposed to a local denial of service issue.
Specifically, a local user may either fill the cache, or repeatedly
delete all files from the cache. This is most likely to be an issue in
a shared hosting environment. Alternative PHP Cache versions 3.1.1 and
3.0.19 are affected.
Ref: http://www.securityfocus.com/archive/1/499424
______________________________________________________________________

08.52.69 CVE: Not Available
Platform: Web Application
Title: FreeLyrics "source.php" Information Disclosure
Description: FreeLyrics is a PHP-based application that stores
artists, song names and lyrics. The application is exposed to an
information disclosure issue because it fails to properly restrict
what files can be specified through the "p" parameter of the
"source.php" script. FreeLyrics version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32946
______________________________________________________________________

08.52.70 CVE: Not Available
Platform: Web Application
Title: BLOG "image_upload.php" Arbitrary File Upload
Description: BLOG is a web application. The application is exposed to
an issue that lets attackers upload arbitrary files. The issue occurs
because the application fails to adequately sanitize user-supplied
input. BLOG version 1.55b is affected.
Ref: http://www.securityfocus.com/bid/32953
______________________________________________________________________

08.52.71 CVE: Not Available
Platform: Web Application
Title: ReVou Arbitrary File Upload
Description: ReVou is a web-based twitter clone. The application is
exposed to an issue that lets attackers upload arbitrary files. The
issue occurs because the application fails to adequately sanitize
user-supplied input.
Ref: http://www.securityfocus.com/bid/32954
______________________________________________________________________

08.52.72 CVE: Not Available
Platform: Web Application
Title: Constructr CMS Directory Traversal
Description: Constructr CMS is a web-based content management system.
The application is exposed to a directory traversal issue because it
fails to adequately sanitize user-supplied input. Specifically, the
issue affects the "edit_file" parameter of the "template.php" script.
Constructr CMS versions 3.02.5 and earlier are affected.
Ref: http://www.securityfocus.com/bid/32957
______________________________________________________________________

08.52.73 CVE: Not Available
Platform: Web Application
Title: OneOrZero Arbitrary File Upload
Description: OneOrZero is a web-based task-management and helpdesk
application. The application is exposed to an issue that lets
attackers upload arbitrary files. The issue occurs because the
"uploadAttachment()" function of the application fails to adequately
sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/32959
______________________________________________________________________

08.52.74 CVE: Not Available
Platform: Web Application
Title: phpg Multiple Input Validation Vulnerabilities
Description: phpg is a PHP-based image gallery. Since it fails to
sufficiently sanitize user-supplied data, the application is exposed
to multiple input validation  issues. phpg version 1.6 is affected.
Ref: http://www.securityfocus.com/bid/32963
______________________________________________________________________

08.52.75 CVE: CVE-2008-4303, CVE-2008-4304, CVE-2008-4305
Platform: Web Application
Title: phpCollab Multiple Input Validation Vulnerabilities
Description: phpCollab is a PHP-based collaboration and
project management application. The application is exposed to multiple
input validation issues. Successfully exploiting these issues may
allow an attacker to compromise the application, execute arbitrary PHP
code and shell commands, access or modify data, or exploit latent
vulnerabilities in the underlying database.

Ref: http://www.securityfocus.com/bid/32964
______________________________________________________________________

08.52.76 CVE: Not Available
Platform: Web Application
Title: Page Flip Image Gallery "getConfig.php" Information Disclosure
Description: Page Flip Image Gallery is a photo gallery plugin for
WordPress. The application is exposed to an information disclosure
issue because it fails to properly restrict what files can be
specified through the "book_id" parameter of the "getConfig.php"
script. Page Flip Image Gallery version 0.2.2 is affected.
Ref: http://www.securityfocus.com/bid/32966
______________________________________________________________________

08.52.77 CVE: Not Available
Platform: Web Application
Title: Git gitweb "diff.external" Local Privilege Escalation
Description: gitweb is a web-based interface to the Git revision
control system. The software is exposed to  a local privilege
escalation issue that occurs because gitweb may execute a command
specified as the "diff.external" parameter of a repository. Git 
versions prior to 1.5.4.7, 1.5.5.6, 1.5.6.6 and 1.6.0.6 are affected.
Ref:
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01169.
html
______________________________________________________________________

08.52.78 CVE: Not Available
Platform: Web Application
Title: Text Lines Rearrange Script "download.php" Information
Disclosure
Description: Text Lines Rearrange Script is a PHP-based application
that rearranges text files. The application is exposed to an
information disclosure issue because it fails to properly restrict
what files can be specified through the "filename" parameter of the
"download.php" script.
Ref: http://www.securityfocus.com/bid/32968
______________________________________________________________________

08.52.79 CVE: Not Available
Platform: Web Application
Title: Merak Mail Server and Webmail Email Message HTML Injection
Description: Merak Mail Server and Webmail are mail server applications
written for multiple platforms. The applications are exposed to an
HTML injection issue because they fail to properly sanitize
user-supplied input before using it in dynamically generated content.
Ref: http://www.securityfocus.com/bid/32969
______________________________________________________________________

08.52.80 CVE: Not Available
Platform: Web Application
Title: TYPO3 WEC Discussion Extension SQL Injection and Cross-Site
Scripting Vulnerabilities
Description: "wec_discussion" is an extension for the TYPO3 content
manager. The extension is exposed to multiple SQL injection and
cross-site scripting issues because it fails to sufficiently sanitize
user-supplied data to certain unspecified parameters."wec_discussion"
versions prior to 1.7.1 are affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081222-2/
______________________________________________________________________

08.52.81 CVE: Not Available
Platform: Network Device
Title: Linksys Wireless-G ADSL Gateway WAG54GS V2.0 Remote Buffer
Overflow
Description: The Linksys Wireless-G ADSL Gateway is a multi-purpose
device which includes a router and an 802.11g wireless access point.
Linksys Wireless-G ADSL Gateway WAG54GS V2.0 is susceptible to a
remote buffer overflow issue that occurs due to insufficient buffer
boundary verification prior to copying user-supplied data. Linksys
Wireless-G ADSL Gateway WAG54GS version V2.0 running firmware version
1.02.20 is affected.
Ref: http://www.bmgsec.com.au/advisory/44/
______________________________________________________________________

08.52.82 CVE: Not Available
Platform: Network Device
Title: PowerStrip "pstrip.sys" Local Privilege Escalation
Description: PowerStrip is a driver that provides multi-monitor
hardware support for several graphics card. PowerStrip is exposed to a
local privilege escalation issue in the "pstrip.sys" driver. The
problem occurs in the IOCTL handling code. PowerStrip version 3.84 is
affected.
Ref: http://www.ntinternals.org/ntiadv0810/ntiadv0810.html
______________________________________________________________________

08.52.83 CVE: Not Available
Platform: Network Device
Title: COMTREND CT-536 and HG-536 Routers Multiple Remote
Vulnerabilities
Description: The routers are exposed to multiple remote issues. CT-536
and FG-536 firmware A101-302JAZ-C01_R05 is affected.
Ref: http://www.securityfocus.com/archive/1/499503
______________________________________________________________________
[ terug ]